Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release Workstation base template RPM with updated securedrop-keyring package #888

Closed
Tracked by #6794
rocodes opened this issue May 17, 2023 · 2 comments · Fixed by freedomofpress/securedrop-yum-prod#44
Closed
Tracked by #6794

Release Workstation base template RPM with updated securedrop-keyring package #888

rocodes opened this issue May 17, 2023 · 2 comments · Fixed by freedomofpress/securedrop-yum-prod#44
Assignees
@eaon @zenmonkeykstop

Comments

@rocodes
Copy link
Contributor

rocodes commented May 17, 2023
edited by zenmonkeykstop
Loading

Once #887 passes, the new base template should be released.
@rocodes rocodes mentioned this issue May 17, 2023
Closed
13 tasks
@zenmonkeykstop zenmonkeykstop transferred this issue from freedomofpress/securedrop May 18, 2023
This was referenced Jun 23, 2023
Merged
Closed
@rocodes
Copy link
Contributor Author

rocodes commented Jun 26, 2023
edited by eaon
Loading

Test Plan (yum-qa)

Hardware:
Scenario: Fresh Install (Since we're testing the new template, ensure your machine has not had a staging/dev SDW setup on it, i.e., wipe/reinstall QubesOS).

  • Follow the fresh install instructions to download the dom0 config RPM from yum.securedrop.org, install it, and configure your instance-specific details in config.json. In config.json, leave the environment as prod.
  • Once the rpm installs, use text editor with elevated privileges to edit the file /srv/salt/sd-config.yml to change the prod dom0_yum_repo_url from yum.securedrop.org/workstation/dom0 to yum-qa.securedrop.org/workstation/dom0
  • Let 'er rip! sdw-admin --apply

Testing:

  • Installation completes successfully
  • Do not run the updater. Inspect a VM based on the qubes-template-securedrop-workstation-bullseye template (i.e. one of our sd- VMs) and ensure it has the updated securedrop-keyring 0.2.1 package with the updated 2024 key expiry (apt show securedrop-keyring)
  • Basic inter-VM functionality works (logs flow from sd- VMs to sd-log, VMs start and shut down correctly, etc).

@eaon
Copy link
Contributor

eaon commented Jun 26, 2023

Test Plan (yum-qa)

Hardware: ThinkPad X1 Carbon Gen 6
Scenario: Fresh Install

Testing results:

  • Installation completes successfully
  • Do not run the updater. Inspect a VM based on the qubes-template-securedrop-workstation-bullseye template (i.e. one of our sd- VMs) and ensure it has the updated securedrop-keyring 0.2.1 package with the updated 2024 key expiry (apt show securedrop-keyring)
  • Basic inter-VM functionality works (logs flow from sd- VMs to sd-log, VMs start and shut down correctly, etc).

Happy to report this all checks out! As far as I'm concerned, the RPM is ready for promotion to prod.

@eaon eaon mentioned this issue Jun 26, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eaon eaon

@zenmonkeykstop zenmonkeykstop

Labels
None yet
Projects
SecureDrop dev cycle
Archived in project
Milestone
No milestone
3 participants
@eaon @zenmonkeykstop @rocodes